victoria-elliott
2 Guide to Operating System Security
Objectives
• Implement directory, folder, and file security
• Configure shared resource security, using share permissions in Windows 2000/XP/2003
• Use groups to implement security
• Troubleshoot security
Directory, Folder, and File Security (Continued)
• Access control lists (security descriptors) associate users and groups with specific access capabilities
• ACL components
  • Discretionary access control list (DACL)
  • System access control list (SACL)
Directory, Folder, and File Security (Continued)
• Categories of information in an ACL
  • User accounts that can access the object
  • Rights and permissions that determine level of access
  • Ownership of the object
  • Whether specific events associated with an object are to be audited
Windows 2000/XP/2003 Folder and File Security
• Use attributes and permissions – related to file system used with the OS
• NTFS is better than FAT16 or FAT32
  • Able to set standard and special permissions
  • Supports use of EFS
  • Enables disk quotas to be set
Configuring Folder and File Attributes
• Attributes in FAT16, FAT32, and NTFS are stored as header information
• Attributes available in FAT16/FAT32-formatted disks
  • Read-only
  • Hidden
  • Archive
NTFS Security Attributes
• Read-only
• Hidden
• Archive
• Index
• Compress
• Encrypt
Configuring Folder and File Permissions
• Use Add and Remove buttons on folder properties Security tab to change which users and groups have permission
• Modify existing permissions by clicking on the group and checking or removing checks in Allow and Deny columns
UNIX and Linux Directory and File Security (Continued)
• Permissions
  • Read (r)
  • Write (w)
  • Execute (x)
• Special permissions for executable programs
  • Set User ID (SUID)
  • Set Group ID (SGID)
UNIX and Linux Directory and File Security (Continued)
• Permissions criteria
  • Ownership (u)
  • Group membership (g)
  • Other (o)
  • All (a)
• Use chmod command to set up permissions
  • Symbolic format
  • Octal format
• Use chown command to change ownership
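The two chmod formats and the SUID/SGID bits from these slides, as an added example that is not part of the original deck. It sets the same permissions in symbolic and octal form, then audits a directory tree for SUID/SGID files, which is the usual review step when checking a system for unexpected privileged executables. All file and function names are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the slides): chmod formats and a SUID/SGID audit.

# Print the 10-character permission string from ls, e.g. "-rw-r-----".
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# Set identical permissions in symbolic and in octal form on two
# constructed files and print both results side by side.
compare_formats() {
    dir=$(mktemp -d) || return 1
    touch "$dir/symbolic.txt" "$dir/octal.txt"
    chmod u=rw,g=r,o= "$dir/symbolic.txt"   # owner rw, group r, other none
    chmod 640 "$dir/octal.txt"              # 6 = rw-, 4 = r--, 0 = ---
    echo "$(perm_string "$dir/symbolic.txt") $(perm_string "$dir/octal.txt")"
    rm -rf "$dir"
}

# List regular files under a directory that carry SUID (4000) or SGID (2000).
find_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Build a constructed tree with one SUID, one SGID and one ordinary file,
# then print what the audit finds on a single line.
demo_audit() {
    dir=$(mktemp -d) || return 1
    touch "$dir/plain" "$dir/suid_tool" "$dir/sgid_tool"
    chmod 755 "$dir/plain"
    chmod 4755 "$dir/suid_tool"    # octal form of: chmod u+s
    chmod 755 "$dir/sgid_tool"
    chmod g+s "$dir/sgid_tool"     # symbolic form of: chmod 2755
    (cd "$dir" && find_setid . | paste -sd ' ' -)
    rm -rf "$dir"
}

compare_formats
demo_audit
```

On a real host, `find_setid /usr` gives a baseline list that can be saved and compared after software changes.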
NetWare 6.x Directory and File Security
• Access controlled through:
  • Attributes associated with files and directories
  • Access rights granted to trustees
Mac OS X Folder and File Security
• Ways to configure file and folder permissions
  • Command-line commands
  • Set Get Info properties of a file
Shared Resource Security
• Sharing or accessing resources – directories, folders, files, and printers – over a network
  • Windows 2000/XP/2003
  • Red Hat Linux 9.x
  • NetWare 6.x
  • Mac OS X
Sharing Resources in Windows 2000/XP/2003
• Use share permissions
• Protecting a shared folder
  • Full Control
  • Change
  • Read
• Protecting a shared printer
Protecting a Shared Printer
• Print
• Manage Documents
• Manage Printers
• Special Permissions
  • Read
  • Change
  • Take Ownership
Sharing Resources in Red Hat Linux 9.x
• Enable access through:
  • Telnet and FTP
    • Use with Secure Shell capabilities
  • Network File System (NFS)
• Protecting directory resources
• Protecting printer resources
• Queue-based printing
• Novell Distributed Print Services (NDPS)
Sharing Resources in NetWare 6.x
• Protecting directory resources
  • Mapping and search mapping
    • Protects through attributes and trustee access rights
• Protecting printer resources
Sharing Resources in Mac OS X
• Enable access through System Preferences
• Protecting a shared folder
• Protecting a shared printer
Using Security Groups
• Group together accounts that have similar characteristics
• Eliminates repetitive steps in managing user and resource access
Using Groups in Windows 2000/XP/2003
• Related to concept of scope of influence
• Types; used for security and distribution groups
  • Local
  • Domain local
  • Global
  • Universal
Implementing Local Groups
• Used to manage resources in Windows 2000/XP Professional
Implementing Domain Local Groups
• Used when Active Directory is deployed
• Used to manage resources in a domain
• Give global groups from the same/other domains access to those resources
Implementing Global Groups
• Intended to contain user accounts from single domain
• Can be set up as member of a domain local group in same or other domain
Implementing Universal Groups
• Spans domains and trees within a Windows Active Directory forest
Guidelines for Using Groups
• Global groups
  • Hold accounts as members
• Domain local groups
  • Provide access to resources in a specific domain
• Universal groups
  • Provide extensive access to resources
Using Groups in Red Hat Linux 9.x
• Assign each group a unique group identification number (GID)
• Assign permissions to access resources to the group
Using Groups in NetWare 6.x
• Create groups with ConsoleOne tool
• Configure trustee access rights for the group
• Assign accounts to the group
• Assign specific login script to the group
Using Groups in Mac OS X
• Automatically managed and assigned by the operating system
Troubleshooting Security
• Windows XP Professional and Windows Server 2003
  • View the effective permissions
• NetWare 6.x
  • View the effective rights
Summary
• How to configure directory, folder, and file security for Windows 2000/XP/2003, Linux 9.x, NetWare 6.x, and Mac OS X
• How to fine-tune security for common and unique circumstances
• Specialized share permissions for Windows-based systems; used when folders are shared across a network through FAT16/32 and NTFS
• How to configure and use security groups to manage access to shared resources
• How to use effective permissions and effective rights tools in Windows XP/2003 and NetWare 6.x to ensure that directory, folder, and file security is properly set and that there are no security holes